Detect Web Application Firewall (WAF) before you attack

WEB APPLICATION FIREWALL BASICS:-

WAF (Web application firewalls) plays an important role in securing the websites. As they filter/ monitor the traffic. Web Application Firewalls offers protection against large vulnerabilities. Many companies now days are upgrading their existing infrastructure to implement web application firewalls. Web application firewalls cannot be resolve security problems on its own, proper configuration must be done to identify and block the external attacks.

Before starting you must know, where web application firewall is used over the network. In the below image Web application firewall is between the classic firewall and the web server. Web application firewall monitor the traffic and protects from outside attacking.

FINGERPRINTING:-

Before knowing the web application firewall it is important to gather basic information of the target. Fingerprint is the method used to gather information about the target as much possible. The most common method for the pentesters is to fingerprint the target web presence. With this fingerprinting the pentester may develop an accurate attack scenario, which will find an vulnerability further. Now we wil use basic telnet for fingerprinting a website.

FINGERPRINTING USING TELNET:

Telnet is a tool mostly used by network administrators/pentesters. Telnet allows you to connect remote computers on any port as mentioned.

After using the telnet on the target port 80, it shows the server on which website is hosted and the backend language on which website has been written (marked in RED). The above information can be used in other hacking activities.

Above output also returns “X-Varnish: 1823464611″

Varnish is actually a caching HTTP reverse proxy. Varnish reduces the web application threats. This HTTP parameter in HTTP response we found using telnet shows the presence of Varnish in the target.

FINGERPRINTING USING NMAP :-

Nmap is the security auditing tool mostly used by pentesters and network adminstrators. Nmap is used in information gathering of the target.

After executing the wafw00f. It shows that the target website is using ModeSecurity (OWASP CRS) web application firewall.

The above information is vital and can be used in other hacking activities.

CONCLUSION:-

In this article we learned, how to detect web application firewalls. It’s an important part of the web penetration testing. This method is used initial phase of penetration testing.

Ethical hacking researcher says that having web application firewall (waf) is becoming important day by day and it is always important to analyze your web applications logs to find new attacks happening on the backend web application server. This is enable you to customize rules in your web application firewall to provide maximum security.